Abstract
Functional bootstrapping (FBS) is a powerful technique that evaluates a look-up table (LUT) while refreshing an LWE ciphertext in FHEW and TFHE schemes. However, the LUT evaluation over the message space is constrained by negacyclicity, which affects the practical application of functional bootstrapping. Existing methods require multiple FBS and some homomorphic operations to address this issue, which results in inferior performance compared with the original functional bootstrapping.
In this paper, we utilize the variant least significant bit (LSB) encoding method to efficiently achieve the full domain functional bootstrapping for message space in FHEW-like schemes. Specifically, the message space \(\mathbb {Z}_t\) is embedded into the encoding space \(\mathbb {Z}_{N}\) by setting the most significant bit of noise to zero. As a result, the encoding space is equal to the domain of the LUT and our functional bootstrapping can evaluate arbitrary functions. In addition, our technique can be applied to multi-value bootstrapping and tree-based bootstrapping. Thus, these algorithms only need one FBS to achieve the full domain property.
Finally, we implement our full domain functional bootstrapping in the OpenFHE cryptography library. Experiments demonstrate that up to \(2\times\) performance improvement is achieved compared with the state-of-the-art work [27].
References
Albrecht, M., et al.: Homomorphic encryption security standard. HomomorphicEncryption.org, Toronto, Canada, Technical Report 11 (2018)
Alperin-Sheriff, J., Peikert, C.: Practical bootstrapping in quasilinear time. In: Canetti, R., Garay, J.A. (eds.) Annual Cryptology Conference, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_1
Bonte, C., Iliashenko, I., Park, J., Pereira, H.V., Smart, N.P.: Final: faster FHE instantiated with NTRU and LWE. Cryptology ePrint Archive (2022)
Boura, C., Gama, N., Georgieva, M., Jetchev, D.: Simulating homomorphic evaluation of deep learning predictions. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) International Symposium on Cyber Security Cryptography and Machine Learning, pp. 212–230. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-20951-3_20
Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) Annual Cryptology Conference, pp. 868–886. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_50
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory (TOCT) 6(3), 1–36 (2014)
Carpov, S., Izabachène, M., Mollimard, V.: New techniques for multi-value input homomorphic evaluation and applications. In: Matsui, M. (ed.) Cryptographers’ Track at the RSA Conference, pp. 106–126. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-12612-4_6
Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: Bootstrapping for approximate homomorphic encryption. In: Nielsen, J., Rijmen, V. (eds.) Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 360–384. Springer (2018). https://doi.org/10.1007/978-3-319-78381-9_14
Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 409–437. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70694-8_15
Chillotti, I., Gama, N., Georgieva, M., Izabachene, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J., Takagi, T. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 3–33. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_1
Chillotti, I., Gama, N., Georgieva, M., Izabachène, M.: TFHE: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34–91 (2020)
Chillotti, I., Joye, M., Paillier, P.: Programmable bootstrapping enables efficient homomorphic inference of deep neural networks. In: Dolev, S., Margalit, O., Pinkas, B., Schwarzmann, A. (eds.) International Symposium on Cyber Security Cryptography and Machine Learning, pp. 1–19. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-78086-9_1
Chillotti, I., Ligier, D., Orfila, J.B., Tap, S.: Improved programmable bootstrapping with larger precision and efficient arithmetic circuits for TFHE. In: Tibouchi, M., Wang, H. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 670–699. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-92078-4_23
Clet, P.E., Zuber, M., Boudguiga, A., Sirdey, R., Gouy-Pailler, C.: Putting up the swiss army knife of homomorphic calculations by means of tfhe functional bootstrapping. Cryptology ePrint Archive (2022)
Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology - EUROCRYPT 2015–34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 26–30 April 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_24
Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive (2012)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169–178 (2009)
Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) Annual Cryptology Conference, pp. 75–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_5
Guimarães, A., Borin, E., Aranha, D.F.: Revisiting the functional bootstrap in TFHE. IACR Trans. Cryptogr. Hardware Embed. Syst. 229–253 (2021)
Guimarães, A., Borin, E., Aranha, D.F.: Mosfhet: optimized software for FHE over the torus. Cryptology ePrint Archive (2022)
Halevi, S., Shoup, V.: Algorithms in helib. In: Garay, J.A., Gennaro, R. (eds.) Annual Cryptology Conference, pp. 554–571. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_31
Halevi, S., Shoup, V.: Design and implementation of helib: a homomorphic encryption library. Cryptology ePrint Archive (2020)
Halevi, S., Shoup, V.: Bootstrapping for helib. J. Cryptol. 34 (2021). https://doi.org/10.1007/s00145-020-09368-7
Joye, M., Walter, M.: Liberating TFHE: programmable bootstrapping with general quotient polynomials. Cryptology ePrint Archive, Paper 2022/1177 (2022). https://eprint.iacr.org/2022/1177
Kim, A., Polyakov, Y., Zucca, V.: Revisiting homomorphic encryption schemes for finite fields. In: Tibouchi, M., Wang, H. (eds.) International Conference on the Theory and Application of Cryptology and Information Security. pp. 608–639. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-92078-4_21
Kluczniak, K., Schild, L.: FDFB: full domain functional bootstrapping towards practical fully homomorphic encryption. IACR Trans. Cryptogr. Hardware Embed. Syst. 2023(1), 501–537 (2022). https://doi.org/10.46586/tches.v2023.i1.501-537
Liu, Z., Micciancio, D., Polyakov, Y.: Large-precision homomorphic sign evaluation using FHEW/TFHE bootstrapping. In: Agrawal, S., Lin, D. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 130–160. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22966-4_5
Micciancio, D., Polyakov, Y.: Bootstrapping in FHEW-like cryptosystems. In: Proceedings of the 9th on Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 17–28 (2021)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009)
Yang, Z., Xie, X., Shen, H., Chen, S., Zhou, J.: TOTA: fully homomorphic encryption with smaller parameters and stronger security. Cryptology ePrint Archive (2021)
Acknowledgments
We are grateful for the helpful comments from the anonymous reviewers of Inscrypt 2023. This work was supported by CAS Project for Young Scientists in Basic Research (Grant No. YSBR-035).
A Algorithms of functions presented in Section 2.4
A.1 Correctness of the Key Switching
Lemma 1
Input an LWE ciphertext \(\textsf{ct} = \textsf{LWE}_{\textbf{z}}^N(m) \) with error variance \(\textsf{Var}(e)\), and the switching keys \(\textsf{ksk}_{i, j, v}\) with error variance \(\textsf{Var}(e_{\textsf{ksk}})\), the key switching algorithm outputs a new LWE ciphertext \(\textsf{ct}^{{\prime }} =\textsf{KeySwitch}_{\textbf{z} \rightarrow \textbf{s}}(\textsf{ct})\) with error variance \(\textsf{Var}(e^{\prime })\).
Proof
Let \(\textsf{ksk}_{i, j, v}=(\textbf{a}^{\prime }_{i, j, v},\textbf{a}^{\prime }_{i, j, v}\cdot \textbf{s}+v z_{i} B_{ks}^{j}+e_{i, j, v})\) for some \(\textbf{a}^{\prime }_{i, j, v} \in \mathbb {Z}_q^n\) and \(e_{i, j, v} \in \chi _{\delta }\), the output ciphertext is
where \(\textbf{a}^{\prime } = -\sum _{i, j} \textbf{a}^{\prime }_{i, j, a_{i, j}}\) and \(b^{\prime } = b-\textbf{a}\cdot \textbf{z}+\textbf{a}^{\prime } \cdot \textbf{s} - \sum _{i, j}e_{i, j, a_{i, j}}\). According to Theorem 6 of [15], the variance of the noise satisfies \(\textsf{Var}(e^{\prime }) \le \textsf{Var}(e)+Nd_{ks}\cdot \textsf{Var}(e_{\textsf{ksk}})\).
A.2 Correctness of the Modulus Switching
Lemma 2
Input an LWE ciphertext \(\textsf{ct} = (\textbf{a},b) \in \textsf{LWE}_{\textbf{s}}^n(m)\) with error variance \(\textsf{Var}(e)\) modulo Q, the modulus switching algorithm outputs a new LWE ciphertext \(\textsf{ct}^{\prime } =\textsf{ModSwitch}_{Q \rightarrow q}(\textsf{ct})\) with error variance \(\textsf{Var}(e^{\prime })\) modulo q.
Proof
Let the integers \(Q> q> t\) and \(Q \equiv 1 \bmod t,q \equiv 1 \bmod t\), the output ciphertext is
and satisfies the requirement that \(a_i^{\prime } \equiv a_i \bmod t, b^{\prime } \equiv b \bmod t\). It is straightforward to conclude that \(b+\left\langle \textbf{a},\textbf{s} \right\rangle \bmod Q \bmod t = b^{\prime }+\left\langle \textbf{a}^{\prime },\textbf{s} \right\rangle \bmod q \bmod t\) according to Lemma 5 of [6], and the variance of noise satisfies \(\textsf{Var}(e^{\prime }) \le (\frac{q}{Q})^2\cdot \textsf{Var}(e)+ \frac{t}{2}\cdot ||\textbf{s}||_2^2\).
A.3 Correctness of the Encoding Transformation
Lemma 3
Input an LWE ciphertext \(\textsf{ct} \in \mathsf {MSB.LWE}^n _\textbf{s}(m)\) with error variance \(\textsf{Var}(e)\), the encoding transformation algorithm outputs a new LWE ciphertext \(\textsf{ct}^{\prime } =\mathsf {EncodeTrans(ct)} \in \mathsf {LSB.LWE}^n _\textbf{s}(-m)\) with error variance \(\textsf{Var}(e)\).
Proof
Let \(\textsf{ct}= (\textbf{a},b=-\left\langle \textbf{a},\textbf{s} \right\rangle + \omega ) \in \mathbb {Z}^{n+1}_q\) with \(q \equiv 1 \bmod t\), where \(\omega = \left\lfloor \frac{q}{t} \cdot m \right\rceil +e\). The decoding procedure of MSB encoding is
for some \(f \in \frac{1}{q} \mathbb {Z}\cap [-1/2,1/2)\). Multiplying by q and letting \(\mu = q\cdot f \in \mathbb {Z}\cap [-q/2,q/2)\), one gets \(\omega \cdot t - \mu = q \cdot m \bmod tq\). Then \(\textsf{ct}^{\prime }=\mathsf {EncodeTrans(ct)} =(t \cdot \textbf{a},t \cdot b) \bmod q\) is a ciphertext with the LSB encoding since the decryption step is \( \omega \cdot t = \mu \bmod q\) and
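The following numerical check of Lemma 3 is an added example, not code from the paper or from OpenFHE. It encrypts every message with the MSB encoding from the proof, applies \(\mathsf{EncodeTrans}\), and decodes the result as an LSB ciphertext. The toy parameters, the binary secret, and the LSB decoding convention (centre the phase modulo q, then reduce modulo t) are assumptions.

```python
import random

Q, T, N = 65537, 16, 32   # toy parameters (assumed); Q % T == 1 as the lemma requires

def centered(x, q=Q):
    """Representative of x mod q in [-q/2, q/2)."""
    x %= q
    return x - q if x >= (q + 1) // 2 else x

def dot(a, s):
    return sum(x * y for x, y in zip(a, s))

def msb_encrypt(m, e, s, rng):
    """ct = (a, b = -<a,s> + omega), omega = round(Q*m/T) + e, as in the proof."""
    a = [rng.randrange(Q) for _ in s]
    omega = (2 * Q * m + T) // (2 * T) + e      # exact integer rounding
    return a, (omega - dot(a, s)) % Q

def phase(ct, s):
    a, b = ct
    return (b + dot(a, s)) % Q                  # recovers omega mod Q

def msb_decrypt(ct, s):
    return (2 * T * phase(ct, s) + Q) // (2 * Q) % T   # round(T*omega/Q) mod T

def encode_trans(ct):
    """EncodeTrans from Lemma 3: multiply every component by T modulo Q."""
    a, b = ct
    return [T * x % Q for x in a], T * b % Q

def lsb_decrypt(ct, s):
    """Assumed LSB decoding: centre the phase mod Q, then reduce mod T."""
    return centered(phase(ct, s)) % T

def lsb_noise(ct, s):
    """Noise e' in the LSB phase mu = m' + T*e' with m' in [0, T)."""
    mu = centered(phase(ct, s))
    return (mu - mu % T) // T

def check_all(seed=1):
    """Run every message and a range of errors through EncodeTrans."""
    rng = random.Random(seed)
    s = [rng.randrange(2) for _ in range(N)]    # binary secret (assumption)
    results = []
    for m in range(T):
        for e in range(-8, 9):
            ct = msb_encrypt(m, e, s, rng)
            ct2 = encode_trans(ct)
            results.append((m, e, msb_decrypt(ct, s), lsb_decrypt(ct2, s), lsb_noise(ct2, s)))
    return results

if __name__ == "__main__":
    ok = all(d == m and l == -m % T and abs(n - e) <= 1 for m, e, d, l, n in check_all())
    print("EncodeTrans maps MSB(m) to LSB(-m) with noise within 1 of e:", ok)
```

The measured LSB noise can differ from e by one because of the rounding in \(\left\lfloor \frac{q}{t} \cdot m \right\rceil\) and the choice of representative for \(-m \bmod t\).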
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Li, Z., Wei, B., Wang, R., Lu, X., Wang, K. (2024). Full Domain Functional Bootstrapping with Least Significant Bit Encoding. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14526. Springer, Singapore. https://doi.org/10.1007/978-981-97-0942-7_11
DOI: https://doi.org/10.1007/978-981-97-0942-7_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-0941-0
Online ISBN: 978-981-97-0942-7
eBook Packages: Computer Science (R0)